Lawmakers and state Attorneys General have written to the U.S. Department of Health and Human Services Secretary, Xavier Becerra, criticizing the proposed update to the HIPAA Privacy Rule that seeks to improve reproductive health information privacy.
Lawmakers Criticize HIPAA Privacy Rule Change for Not Going Far Enough to Protect Patient Privacy
In response to the proposed changes, Senators Ron Wyden (D-Ore.), Patty Murray (D-Wash.), and Rep. Sara Jacobs (D-CA) wrote to the HHS Secretary calling for the HHS to take further steps to protect the privacy of Americans, and not only apply the proposed changes to reproductive health information but all categories of protected health information (PHI).
The proposed HIPAA Privacy Rule changes, if enacted, will improve protections for certain categories of PHI but the lawmakers claim the changes do not go far enough and there is a need to expand the protections to cover all PHI and ensure it has the same protections as the contents of phone calls, emails, text messages, and geolocation data “to protect Americans from warrantless government surveillance.”
“Americans should be able to trust that the information they share in confidence with their doctors when seeking care will receive the highest protections under the law, regardless of the specific medical issue,” wrote the lawmakers. They explain that while the HIPAA Privacy Rule does not force healthcare professionals to testify about their patients’ medical conditions, under the current HIPAA regulations, medical records can be subpoenaed by law enforcement agencies who do not need to show probable cause of crime and there is no oversight from an independent judge. “The ability of law enforcement agencies to subpoena these records undermines patients’ legal protections, particularly in an era of digital health records, where every patient interaction is carefully documented.”
The lawmakers request the HHS update the proposed Privacy Rule change to require law enforcement agencies to obtain a warrant before forcing doctors, pharmacists, and other healthcare providers to turn over their patients’ records. Instead of the current text of the HIPAA Privacy Rule – 64.512(f)(1)(ii) – permitting law enforcement to obtain PHI with a subpoena, administrative request, or a court order, the Privacy Rule should prohibit such disclosures unless there is a search warrant, issued by a judge, upon a finding of probable cause of a crime.
Further, in cases when medical records are disclosed after a search warrant is served, law enforcement should be prohibited from disclosing the records to other law enforcement agencies, unless the disclosures are related to the investigation of the same alleged crime. They also call for the law to be updated to ensure that individuals are notified about any disclosure of their PHI to law enforcement agencies. The lawmakers claim such a change would be consistent with the protections afforded to other sensitive data under federal law and the Fourth Amendment to the Constitution.
The lawmakers believe that the proposed changes are not sufficient to prevent rogue state Attorneys General from attempting to obtain the private health records of Americans, including, but not limited to, the records of individuals seeking a legal abortion or medical assistance with gender transition. Such healthcare decisions need to be taken by each individual whereas certain state Attorneys General believe those decisions are everyone’s business.
The letter was signed by Sens. Bernard Sanders, Tammy Baldwin, Peter Welch, Tammy Duckworth, Sherrod Brown, Chris Van Hollen, Elizabeth Warren, Edward J. Markey, Martin Heinrich, Mazie K. Hirono, Alex Padilla, John Fetterman, Debbie Stabenow, Raphael Warnock, Maria Cantwell, Kirsten Gillibrand, Cory A. Booker, Pramila Jayapal, Ted W. Lieu, James P. McGovern, Madeleine Dean, and Delia C. Ramirez and Congress members, Barbera Lee, Anna G. Eshoo, Josh Gottheimer, Adam B. Schiff, Nikema Williams, Raúl M. Grijalva, Veronica Escobar, Eleanor Holmes Norton, Earl Blumenauer, Jasmine Crockett, Rashida Tlaib, Ro Khanna, Ilhan Omar, David J. Trone, Andrea Salinas, Henry C. Johnson Jr., Val Hoyle, Nydia M. Velázquez, Suzanne Bonamici, Zoe Lofgren, Mikie Sherill and Becca Balint.
19 State Attorneys General Claim Reproductive Health Information Privacy Rule Change is Unlawful
While some lawmakers feel the Biden Administration’s plans do not go far enough to protect the privacy of Americans, others are challenging the attempt to change the HIPAA Privacy Rule to prevent disclosures of reproductive health information to law enforcement and claim the proposed changes will prevent the enforcement of state laws and will hamper investigations of women who seek illegal abortions. Tennessee Attorney General, Jonathan Skemetti, said, “The HHS does not have authority to change the law in contradiction of the statute passed by Congress,” in a letter to the HHS Secretary challenging the proposed HIPAA Privacy Rule change. The letter was signed by 18 other state Attorneys General from Alabama, Alaska, Arkansas, Georgia, Idaho, Indiana, Kentucky, Louisiana, Missouri, Montana, Nebraska, North Dakota, Ohio, South Carolina, South Dakota, Texas, & Utah.
They argue that the decision of the Supreme Court to remove the Federal right to abortion and put the matter into the hands of individual states allowed states to introduce laws prohibiting or restricting abortions, but updating federal HIPAA law to prevent disclosures of reproductive health information would essentially make it difficult, if not impossible, to enforce state laws. States such as Tennessee that have introduced a ban on abortions for state residents would not be permitted to obtain information on state residents that travel out of state to circumvent state laws and have abortion procedures.
In the letter, Attorney General Skemetti claims the Biden Administration is pushing a false narrative that states are looking to treat pregnant women as criminals and punish healthcare professionals that provide lifesaving care. “Based on this lie, the Administration has sought to wrest control over abortion back from the people in defiance of the Constitution and Dobbs. The proposed rule here continues that effort,” said Skemetti, who claims the proposed HIPAA update is unlawful and does not serve any legitimate need, and “is a solution in search of a problem.”
The broad definition of “reproductive healthcare” in the proposed rule which includes information “related to reproductive organs, regardless of whether the health care is related to an individual’s pregnancy or whether the individual is of reproductive age,” means there is the potential for the proposed rule to interfere with the ability of state authorities to investigate child abuse cases and other serious crimes. Skemetti also expressed concern that the proposed rule would also obstruct state laws concerning experimental gender-transition procedures for minors and help to further the Biden Administration’s “radical transgender policy goals.”
Attorney General Skemetti points out that for more than 20 years the Federal HIPAA laws have helped to protect the privacy of Americans and ensure their health data remains private and confidential; however, HIPAA permits disclosure of health information to law enforcement and state authorities to protect public health, safety, and welfare, and the proposed change will prevent states from performing that important duty. The Attorneys General have called for the proposed HHS rule change to be withdrawn as it is unlawful and exceeds the HHS’s statutory authority.
The post HHS Criticized Over Proposed Reproductive Health Care HIPAA Privacy Rule Update appeared first on HIPAA Journal.
